CVE-2025-11198: CWE-306 Missing Authentication for Critical Function in Juniper Networks Security Director Policy Enforcer
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. This issue affects Security Director Policy Enforcer: all versions before 23.1R1 Hotpatch v3. This issue does not affect Junos Space Security Director Insights.
AI Analysis
Technical Summary
CVE-2025-11198 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting Juniper Networks Security Director Policy Enforcer prior to version 23.1R1 Hotpatch v3. The flaw allows an unauthenticated attacker on the network to upload malicious vSRX images that can replace legitimate ones during deployment to VMware NSX environments. The vulnerability arises because the Policy Enforcer does not properly authenticate requests to critical functions responsible for image replacement. When a trusted user initiates deployment, the system may unknowingly deploy the attacker’s malicious image instead of the legitimate one, leading to a complete compromise of the integrity of the deployed virtual firewall images. This can enable attackers to execute arbitrary code, bypass security controls, or disrupt network operations. The vulnerability does not affect Junos Space Security Director Insights, limiting the scope to the Policy Enforcer product. The CVSS 3.1 base score is 7.4, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N, indicating network attack vector, low attack complexity, no privileges required, user interaction required, and a scope change with high impact on integrity but no confidentiality or availability impact. No public exploits are known at this time, but the potential for impactful attacks is significant given the critical role of image deployment in network security infrastructure.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the integrity of their network security infrastructure, particularly those using Juniper Security Director Policy Enforcer integrated with VMware NSX. Successful exploitation could allow attackers to deploy malicious virtual firewall images, potentially leading to unauthorized access, lateral movement, or disruption of network security policies. This could compromise sensitive data, violate compliance requirements such as GDPR, and damage organizational reputation. The impact is heightened in sectors with critical infrastructure, finance, telecommunications, and government, where network security is paramount. The lack of authentication means attackers can operate without credentials, increasing the attack surface. Although user interaction is required (a trusted user initiating deployment), social engineering or insider threats could facilitate exploitation. The vulnerability’s network-based nature means it can be exploited remotely, increasing risk for organizations with exposed management interfaces or insufficient network segmentation.
Mitigation Recommendations
1. Immediately apply the 23.1R1 Hotpatch v3 or later updates provided by Juniper Networks to remediate the vulnerability.
2. Restrict network access to the Security Director Policy Enforcer management interfaces using firewalls and network segmentation to limit exposure to trusted administrative networks only.
3. Implement strict access controls and multi-factor authentication for users authorized to initiate deployments to reduce the risk of unauthorized or accidental deployment of malicious images.
4. Monitor deployment logs and network traffic for unusual activity or unauthorized image uploads.
5. Conduct regular security audits and penetration testing focused on the Policy Enforcer environment to detect potential exploitation attempts.
6. Educate administrators and users involved in deployment processes about social engineering risks and the importance of verifying image integrity before deployment.
7. Consider deploying additional integrity verification mechanisms such as cryptographic signing and validation of vSRX images prior to deployment to detect tampering.
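Recommendation 7 as an added example (not Juniper's code and not part of the original advisory): a pre-deployment gate that compares a staged vSRX image with a SHA-256 digest pinned out of band and blocks on any mismatch. The file names, the pinned table and the sample bytes are constructed, and a digest comparison stands in here for full signature validation.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-gigabyte images are never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_image(path, pinned):
    """Return (ok, reason) for one staged image.

    `pinned` maps image file name -> expected SHA-256 hex digest. It must be
    obtained from the vendor and stored away from the Policy Enforcer host,
    so that whoever can replace the image cannot also replace the digest.
    """
    path = Path(path)
    expected = pinned.get(path.name)
    if expected is None:
        return False, "unlisted image name"
    if path.is_symlink() or not path.is_file():
        return False, "missing or not a regular file"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected.lower()):
        return False, "digest mismatch: got " + actual
    return True, "digest matches pinned value"


def demo():
    """Constructed data: a pinned image, then the same name with other bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "vsrx-example.ova"   # hypothetical file name
        image.write_bytes(b"constructed vendor image bytes")
        pinned = {image.name: sha256_file(image)}
        before = check_image(image, pinned)
        image.write_bytes(b"constructed replacement bytes")  # simulated swap
        after = check_image(image, pinned)
        unknown = check_image(Path(tmp) / "other.ova", pinned)
    return before, after, unknown


if __name__ == "__main__":
    for ok, reason in demo():
        print("ALLOW" if ok else "BLOCK", reason)
```

Run the check at the moment a deployment is initiated rather than when the image is first staged, since the replacement described above can happen any time in between.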
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2025-09-30T19:04:32.768Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e7da5eba0e608b4fa05b7a
Added to database: 10/9/2025, 3:53:02 PM
Last enriched: 10/9/2025, 4:08:14 PM
Last updated: 10/11/2025, 12:38:44 PM